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Appl. No. 09/608,986 

Amdt. dated September 26, 2005 

Reply to Office Action of August 25, 2005 

REMARKS/ARGUMENTS 

Claims 8-27 are pending in the present application. In the Office Action mailed August 25, 
2005, the Examiner withdrew claims 14-15 pursuant to a restriction requirement. The Examiner also 
rejected claims 8-13 and 16-27 under 35 U.S.C. § 103(a). 

Reconsideration is respectfully requested in view of the above amendments to the claims and 
the following remarks. 

L Restriction Requirement 

In the Office Action, the Examiner imposed an election/restriction requirement in the present 
case on grounds that "claims 14-15 are directed to an invention that is independent or distinct from 
the invention originally claimed," Office Action, p. 2. The Office Action further noted that the 
remaining claims — i.e., claims 8-13 and 16-27 — have been "constructively elected hy original 
presentation for prosecution on the merits." Id. at p. 3. By this paper, Applicants respectfully affirm 
their election to have claims 8-13 and 16-27 the claims indicated as "Group IT) prosecuted in 
the present case. As such, claims 14 and 1 5 have been formally withdrawn by the present paper. 

H. Rejection of Claims 8. 12. 16-17. 24, 26-27 Under 35 U.S.C. 6 103(a) 

The Examiner rejected claims 8-12, 16-22 and24-27 under 35U.S.C. § 103(a)basedon U.S. 

Patent No. 5,657,390 toElgamal etal (hereinafter "Elgamal") in view ofU.S. Patent No. 6,816,900 

issued to Vogel et al (hereinafter "Vogel") and in further view of the article by Samar entitled 

"Single Sign-On Using Cookies for Web Applications" (hereinafter "Samar"). This rejection is 

respectfully traversed. 

The M.P.E.P. states that 

To establish a prima facie case of obviousness, three basic criteria must 
be met. First, there must be some suggestion or motivation* either in the 
references themselves or in the knowledge generally available to one of 
ordinary skill in the art, to modify the reference or to combine reference 
teachings. Second, there must be a reasonable expectation of success. Finally, 
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the prior art reference (or references when combined) must teach or suggest 
all the claim limitations. The teaching or suggestion to make the claimed 
combination and the reasonable expectation of success must both be found in 
the prior art, and not based on applicant's disclosure. 

The initial burden is on the examiner to provide some suggestion of the 
desirability of doing what the inventor has done. To support the conclusion 
that the claimed invention is directed to obvious subject matter, either the 
references must expressly or impliedly suggest the claimed invention or the 
examiner must present a convincing line of reasoning as to why the artisan 
would have found the claimed invention to have been obvious in light of the 
teachings of the references. 

M.P.E.P. § 2142. 

Applicants respectfully assert that the present claims are patentably distinct from the cited 
references. Specifically, the cited references do not teach or suggest all of the limitation that are 
required by the present claims. For example independent claims 8 and 1 6 each recite a method "for 
providing a single sign-on authentication and privacy" which includes the step of 4 Verifying the 
. submitted certificate with a trusted certificate, wherein the verifying step is performed by a security 
extension in a server and operates to verify a certificate sent from a client to the server." Likewise, 
independent claims 24 and 26 are claims for an apparatus "comprising a computer-readable storage 
medium having executable instructions that enable the computer to " among other things, 'Verify the 
submitted certificate with a trusted certificate, wherein such verifying is performed by a security 
extension in a server and operates to verify a certificate sent from a client to the server." Support for 
these limitations are found throughout Applicants' specification including, for example, page 8, lines 
3-18. 

Such limitations are not taught or suggested by the combined teachings of Elgamal, Vogel, or 

Samar. As noted by the Office Action, the reference which allegedly teaches the step of "verifying 

the submitted certificate with a trusted certificate" is Vogel. Specifically, the Examiner asserts that 

Elgamal lacks disclosure of implementation-specific verification of 
the submitted certificate. However, Vogel teaches that in an SSL 
session, a certificate is verified using a root certificate/trusted 
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certificate to prove that the server is approved for secure connections 
(col. 1, lines 30-40). 

Office Action, p. 4. To the extent that the Examiner is correct in asserting that Vogel teaches the 

limitation of "verifying the submitted certificate with a trusted certificate," Vogel clearly does not 

teach a system in which the 'Verifying step is performed by a security extension in a server and 

operates to verify a certificate sent from a client to the server/* as is required by the present claims. 

On the contrary, Vogel teaches a system in which the 'Verification" occurs at the client computer and 

that such verification is performed on a certificate that has been sent from the server to the client 

See Vogel, Col., 1, lines 30-40. In fact, this passage of Vogel explicitly teaches: 

The SSL protocol uses a public key infrastructure to maintain 
security. In establishing an SSL connection between a client computer 
and a server computer hosting a web page, the server computer 
transmits a certificate to the client computer for verification. If a 
trusted certifying authority has approved the server computer (or web 
page) for secure connections, then a root certificate that is maintained 
at the client and issued by a root certifying authority (CA) will verify 
the certificate received from the server. 

Vogel, Col. 1, lines 30-40 (emphasis added). 

Accordingly because Vogel and the other cited references fails to teach the limitation that the 
Verifying" "is performed by a security extension in a server and operates to verify a certificate sent 
from a client to the server," these references clearly does not teach or suggest all of the limitations 
found in independent claims 8, 16, 24, and 26. Accordingly, these references cannot be used to 
reject these independent claims under 35 U.S.C. § 103(a). Withdrawal of these rejections is 
respectfully requested. 

Claims 9-13 depend either directly or indirectly from independent claim 1 . Claims 17-23 
depend either directly or indirectly from claim 26. Claim 25 depends directly from claim 24. Claim 
27 depends directly from claim 26. Accordingly, Applicants respectfully request that the rejection of 
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claims 9-13, 17-23,25 and 27 be withdrawn for at least the same reasons as those presented above in 
connection with claims 8, 16, 24, and 26. 

IEL Rejection of Claim 13 Under 35 U.S.C. S 103fa> 

The Examiner rejected claim 13under35 U.S.C. § 103(a)basedonElgamalinviewofVogel 
and Samar and in further view of Applied Cryptography. Second Edition by Schneier (hereinafter 
"Schneier'*)- This rejection is respectfully traversed. 

As noted above, a claim cannot be rejected as being prima facie obvious unless all of the 
claim limitations are taught or suggested by the prior art references. See MPEP § 2143.03. In the 
present case, claim 13 depends from independent claim 1. Accordingly, like independent claim 1, 
claim 13 contains the limitation that the "verifying step" "is performed by a security extension in a 
server and operates to verify a certificate sent from a client to the server." As explained in greater 
detail above, this limitation is not taught by Vogel, Elgamal or Samar. Likewise, Applicants can find 
no disclosure in Schneier that relates to this claim limitation. 

Accordingly, this combination of references does not teach or suggest all of the limitations 
found in claim 13 and this claim cannot be rejected as being obvious under 35 U.S.C. § 103(a). 
Withdrawal of this rejection is respectfully requested. 

IV. Rejection of Claim 23 Under 35 U.S.C. S 103(a) 

The Examiner rqected claim 23 under 35U.S.C. § 103(a) based on Elgamal in view of Vogel 
and Samar and in further Anew of Handbook of Applied Cryptography bv Menezes et at (hereinafter 
"Menezes"). This rejection is respectfully traversed. 

As noted above, a claim cannot be rejected as being prima facie obvious unless all of the 
claim limitations are taught or suggested by the prior art references. See MPEP § 2143.03. In the 
present case, claim 23 depends from independent claim 1 6. Accordingly, like independent claim 1 6, 
claim 1 3 contains the limitation that the 'Verifying step" "is performed by a security extension in a 
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server and operates to verify a certificate sent from a client to the server." As explained in greater 
detail above, this limitation is not taught by Vogel, Elgamal or Samar. Likewise, Applicants can find 
no disclosure in Menezes that relates to this claim limitation. 

Accordingly, this combination of references does not teach or suggest all of the limitations 
found in claim 23 and this claim cannot be rejected as being obvious under 35 U.S.C. § 103(a). 
Withdrawal of this rejection is respectfully requested. 

V. Conclusion 

Applicants respectfully assert that all pending claims are patentably distinct from the cited 
references, and request that a timely Notice of Allowance be issued in this case. If there are any 
remaining issues preventing allowance of the pending claims that may be clarified by telephone, the 
Examiner is requested to call the undersigned. 



Date: September 26, 2005 

MADSON & METCALF 
Gateway Tower West 
15 West South Temple, Suite 900 
Salt Lake City, Utah 84101 
Telephone: 801/537-1700 



Respectfully submitted, 




Reg. No. 42,273 
Attorney for Applicant 
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